Discord Bot Token

Description

General

• Documentation: https://discord.com/developers/docs/intro

• Summary: Discord is an instant messaging and VoIP application. Bots can read and send text messages, join VoIP discussions and manage servers via its API. A token is needed for authentication. This detector finds them.

• IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.

• Scopes: A bot can have no permissions or it can be the administrator of a discord server. See the documentation.

Revoke the secret

A token can be regenerated from the developer portal.

Check for suspicious activity

Audit Log are accessible in each Discord server settings. Review of the logs of every Discord server accessible by the bot is important.

Details for Discord bot token

• Family: Api

• Category: Messaging system

• Company: Discord

• High recall: False

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: True

• Minimum number of matches: 1

• Occurrences found for one million commits: very rare

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - '[m-z][a-z0-9_-]{23}\.[a-z0-9_-]{6}\.[a-z0-9_-]{27}'

Examples

- text: |
    bot.run('MZ1yGvKTjE0rY0cV8i47CjAa.uRHQPq.Xb1Mk2nEhe-4iUcrGOuegj57zMC')
  apikey: MZ1yGvKTjE0rY0cV8i47CjAa.uRHQPq.Xb1Mk2nEhe-4iUcrGOuegj57zMC
- text: |
    "token": "Nzk5MjgxNDk0NDc2NDU1OTg3.YABS5g.2lmzECVlZv3vv6miVnUaKPQi2wI",
  apikey: Nzk5MjgxNDk0NDc2NDU1OTg3.YABS5g.2lmzECVlZv3vv6miVnUaKPQi2wI
- text: bot.run('MZ1yGvKTjE0rY0cV8i47CjAa.uRHQPq.Xb1Mk2nEhe-4iUcrGOuegj57zMC')

  apikey: MZ1yGvKTjE0rY0cV8i47CjAa.uRHQPq.Xb1Mk2nEhe-4iUcrGOuegj57zMC